Secure Network File Systems

In this project we consider techniques to enhance the security of network
file servers with minimal impact on client/server protocols or
performance. We consider NFSv4 proxies that intercept and secure data
between clients and servers.

In some cases, we are able to modify a file server's implementation to
transparently add security (e.g., adding UID/GID range-mapping and
cloaking). We also investigate proxies that sit between clients and
servers and monitor file system activity at a high level.

In this project we are also evaluating vulnerabilities in existing NFS
systems that may allow an attacker to gain file access without proper
authentication.

In addition, we are designing a client-side encryption scheme for NFSv4.
This latest version of NFS is intended for use over the Internet, and there
are usage scenarios where clients store data on untrusted servers. In our
encryption scheme, clients will encrypt data before it is sent to the
server. This data will be stored in encrypted form, and will be decrypted
by the client when the data is read.